Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Email Monitor

Set up periodic email monitoring for any IMAP mailbox (Gmail, Outlook, QQ, etc.). Guides users through mailbox configuration, tests the connection, then crea...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 25 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (periodic IMAP email monitoring) align with the included script and instructions. The fetch_emails.py implements IMAP over SSL, UID-based incremental fetching, optional attachment saving, and outputs results to stdout — all expected for this purpose.
Instruction Scope
SKILL.md explicitly instructs the agent to collect the user's email and password (app password or IMAP password), store them in ~/.openclaw/email-monitor/<sanitized-email>/config.json, run the local fetch_emails.py for testing, and create a cron job via `openclaw cron add`. These steps are within the task scope but involve writing plaintext credentials and saved state/attachments to disk and printing email contents to stdout (which will be visible in the chat) — privacy considerations, not covert behavior.
Install Mechanism
There is no install spec and the skill is instruction-only aside from a small Python script. No external downloads or package installs are performed by the skill itself.
Credentials
The skill requires the user to supply mailbox credentials (app password / account password) which are appropriately the sole sensitive inputs. It does not request unrelated environment variables or cloud credentials. However, credentials are stored in plaintext in a config.json under the user's home directory — expected but a security/privacy risk if the host is shared or unprotected.
Persistence & Privilege
always is false and the skill does not request elevated or cross-skill privileges. The cron job will run under the user's account (per SKILL.md) which is expected for scheduled checks; this is normal but means future periodic runs will access the stored config and mailbox.
Assessment
This skill appears to do what it says, but consider these points before installing:

  • It asks you to provide and stores mailbox credentials (app password or account password) in plaintext at ~/.openclaw/email-monitor/<sanitized-email>/config.json. Prefer app passwords + 2FA (Gmail) and restrict the file: chmod 600 <config>. Delete the config to revoke access.
  • Fetched email bodies and attachments may be printed to stdout and shown in chat — avoid feeding highly sensitive mail if you don't want it displayed or stored in chat history.
  • Attachment downloads (if enabled) are written to the user-specified directory; ensure that path is safe and not world-readable if attachments are sensitive.
  • The skill creates a cron job via `openclaw cron add` to run the included Python script; the job runs as your user and will have access to the config/state files. Verify the cron command and <skill_dir> expansion when confirming.
  • Because the skill stores credentials locally, remove the config/state files and cron entry to fully revoke the skill's access.
  • If you need stronger protection, consider creating a dedicated mailbox or app password with limited rights for monitoring rather than using your primary account password.

Overall: internally consistent with the stated purpose, but handle stored credentials and output visibility carefully.


Current version: v1.0.0
latest vk97cjs4akkwkqxkepkybspc68x830sbv


SKILL.md

Email Monitor Skill

This skill guides the user through a 6-step onboarding to set up automated email monitoring.

Onboarding Flow

Work through these steps in order, one step per conversation turn. Do not skip ahead.

Step 1 — Ask which mailbox to monitor

Ask the user:

"Please tell me the email address you want to monitor. (For example, yourname@gmail.com)"

Step 2 — Provide provider-specific setup guidance

Based on the email domain, read references/imap-setup.md and show the user the relevant setup instructions:

  • @gmail.com → Gmail IMAP + App Password guide
  • @outlook.com / @hotmail.com → Outlook section
  • @qq.com → QQ Mail section
  • Others → Generic IMAP section

Ask the user to provide:

  • Their email address
  • Their app password (or account password for non-Gmail)

Store these in a local config file: ~/.openclaw/email-monitor/<sanitized-email>/config.json

Config template:

{
  "email": "<email>",
  "password": "<password>",
  "imap_host": "<host>",
  "imap_port": 993,
  "mailbox": "INBOX",
  "state_file": "~/.openclaw/email-monitor/<sanitized-email>/state.json",
  "max_emails": 20,
  "fetch_attachments": false,
  "attachment_dir": "~/Downloads/email-attachments"
}

Step 3 — Test connection

Run the fetch script once to verify credentials and connectivity:

python3 <skill_dir>/scripts/fetch_emails.py --config ~/.openclaw/email-monitor/<sanitized-email>/config.json

  • Success: Show the user a sample of fetched emails (first 3), confirm "Connection successful!"
  • Failure: Show the error message, help the user troubleshoot (wrong password, IMAP not enabled, etc.)

Only proceed to Step 4 after a successful test.

Step 4 — Ask for polling interval

Ask:

"Connection successful! How often would you like to check for new mail? (For example: every 1 hour, every 2 hours, every day at 8 a.m.)"

Parse the user's answer into a valid cron expression. Examples:

  • "every hour" → 0 * * * *
  • "every 2 hours" → 0 */2 * * *
  • "every day at 8 a.m." → 0 8 * * *
  • "every 4 hours" → 0 */4 * * *

Step 5 — Ask for notification format and attachment handling

Ask two questions in one message:

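Message format: when notifying you about new mail, what information would you like to see?

  • A) Brief: sender + subject + date
  • B) Standard: sender + subject + date + snippet (first 200 characters)
  • C) Custom (please describe)

Attachments: do you need attachments downloaded? If so, which directory should they be saved to?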

Update config.json with fetch_attachments and attachment_dir based on the response.

Store the notification format preference as notify_format in config.json:

  • "brief" for A
  • "standard" for B
  • "<custom template string>" for C

Step 6 — Summarize and create cron job

Show a confirmation summary:

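📧 Email monitoring configuration confirmation

Mailbox: <email>
Check frequency: every X hours (cron: <expr>)
Notification format: <format>
Download attachments: <yes/no> (save to: <dir>)

A scheduled task will be created once you confirm. Confirm? (yes/no)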

After user confirms, create the cron job using openclaw:

openclaw cron add "<cron-expr>" "检查邮件 <email>" --run "python3 <skill_dir>/scripts/fetch_emails.py --config ~/.openclaw/email-monitor/<sanitized-email>/config.json"

Then confirm to the user that the cron task is active.


Running Manually

At any time the user can say "Check my email now" or similar — run the fetch script and display results using the configured format.

Format Templates

brief:

📩 [<date>] <from> — <subject>

standard:

📩 <subject>
👤 <from>
📅 <date>
---
<snippet>

Config File Location

Always store per-account config at: ~/.openclaw/email-monitor/<sanitized-email>/config.json

Where <sanitized-email> = email address with @ replaced by _at_ and . replaced by _. Example: qiusuo9809_at_gmail_com
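The following is an added example, not part of the skill or its fetch_emails.py: it applies the naming rule above and writes config.json so that only the owner can read the stored password, then audits the result. The function names, the address pattern and the sample values are assumptions made for illustration.

```python
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Conservative address shape (assumption): one "@", no slashes or whitespace,
# so the derived directory name is always a single path component.
_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")

def sanitize_email(email: str) -> str:
    """Apply the page's rule: '@' -> '_at_', '.' -> '_'."""
    if not _ADDR.fullmatch(email):
        raise ValueError("not a plain email address")
    return email.replace("@", "_at_").replace(".", "_")

def write_config(base: Path, cfg: dict) -> Path:
    """Write config.json readable by the owner only (dir 0700, file 0600)."""
    acct_dir = base / sanitize_email(cfg["email"])
    acct_dir.mkdir(parents=True, exist_ok=True)
    os.chmod(acct_dir, 0o700)
    path = acct_dir / "config.json"
    # mkstemp creates the file with mode 0600, so the password is never
    # readable by others, even briefly; os.replace swaps it in atomically.
    fd, tmp = tempfile.mkstemp(dir=acct_dir, prefix=".config-")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh, indent=2)
    os.replace(tmp, path)
    return path

def audit(path: Path) -> list[str]:
    """Report a config file or parent directory that group/other can access."""
    findings = []
    for p in (path.parent, path):
        mode = stat.S_IMODE(p.stat().st_mode)
        if mode & 0o077:
            findings.append(f"{p}: mode {mode:o} grants group/other access")
    return findings

if __name__ == "__main__":
    base = Path(tempfile.mkdtemp())  # stand-in for ~/.openclaw/email-monitor
    cfg = {"email": "user@example.com",            # constructed sample values
           "password": "constructed-app-password",
           "imap_host": "imap.example.com", "imap_port": 993}
    p = write_config(base, cfg)
    print(p, audit(p))
```

Running `audit` against an existing config.json and state directory shows whether a file created with default permissions needs `chmod 600`.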

State File

The state file tracks the last fetched UID to avoid re-sending old emails. It is auto-managed by scripts/fetch_emails.py. If the user wants to re-fetch all emails, delete the state file.

Files

4 total